From f2b0c56316d61ba3de406159535b72a0ea91d6c0 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 10 Dec 2024 12:17:13 +0000
Subject: [PATCH] Remove exception and conditionally protect keys with KV
 (#1241)

---
 .../Dfe.PrepareConversions/Utils/DataProtectionService.cs  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
index fd76c82fb..4d138a378 100644
--- a/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
+++ b/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
@@ -15,16 +15,15 @@ public static void AddDataProtectionService(this IServiceCollection services, IC
          var dpTargetPath = "@/srv/app/storage";
 
          if (Directory.Exists(dpTargetPath)) {
+            dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
+
             // If a Key Vault Key URI is defined, expect to encrypt the keys.xml
             string kvProtectionKeyUri = configuration.GetValue<string>("DataProtection:KeyVaultKey");
 
             if (!string.IsNullOrWhiteSpace(kvProtectionKeyUri))
             {
-               throw new InvalidOperationException("DataProtection:Path is undefined or empty");
+               dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential());
             }
-
-            dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
-            dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential());
          }
       }
    }